What's the reason for the "Change at-risk password" warning?

@dwbit Has the team seen the feedback provided in the thread linked below?

2 Likes

Hey @grb, yes, I’ve reviewed your post directly with the team previously and the team is working on further customization, stay tuned for updates!

5 Likes

Hi, just noticed this banner for the first time, but I’m also a brand new BitWarden Premium user.

I noticed it for my TripAdvisor entry.

Maybe this is because TripAdvisor had some breaches back in 2011 and 2014?

So I went ahead and changed the password and used the BitWarden password generator to create a new password and BitWarden even told me it was strong.

Once I successfully changed the password, I would assume the banner would go away but it did not. I feel like BitWarden should automatically clear this banner when it sees that the user has changed the password, especially if they used the built-in password generator.

I see this in both:

  • BitWarden Desktop app for MacOS: 2025.12.0 (52522)
  • Chrome Extension on MacOS 2025.12.0

1 Like

@bwUser5678 Welcome to the forum!

Could you please do the following tests?

  • Check your Trash folder to see if a copy of the TripAdvisor entry is present there.

  • Log in to the Web Vault, go to Reports, and run the Exposed Passwords report, the Reused Passwords report, as well as the Weak Passwords report. Does your TripAdvisor entry show up in any of those reports, and if so, which one?

  • Create a clone of the TripAdvisor item, but before saving the clone, change the password back to the old password (if you don’t know the old password, you should be able to look it up by clicking the Password history link in the existing TripAdvisor item before cloning); only change the password that is stored in the cloned item in the vault — do not make a password change on the TripAdvisor site. Is the “At-risk” warning banner now displayed in the cloned item?

  • Run the three vault health reports again, and look for the cloned TripAdvisor item. Which report(s) does it appear in?

After testing, you can/should delete the cloned version of the TripAdvisor item, and it may also be a good idea to open the Trash folder and permanently delete the clone from the Trash.


P.S. You cross-posted the same comment in another topic, which is against the Community Guidelines.

Ok, I have 734 separate Bitwarden accounts, with between 1 and 198 separate Microsoft credentials in each account.

When would you like to volunteer to update 734 independent Bitwarden accounts with a new manually created global equivalent domain list for Microsoft? Because the users aren’t going to be able to figure this out on their own.

That would be a no from me unless you want to pay for the dozens (probably more) of man-hours of billables trying to coordinate contacting each Bitwarden user and manually updating each user’s Bitwarden account?

Fixing the dev problem is the solution for my customers, and the 16 million other user install base on the chrome store alone.

To be fair, when I said that it isn’t “that hard”, I was addressing your original concern that the process of adding a second URL would be too difficult for non-technical users to perform correctly (at least that’s how I interpreted your statement that “non-technical users…would never be able to handle this kind of manual work-around”). I wasn’t implying that the process would be efficient for a user (even a technically adept one) who has hundreds of duplicate credentials in their vault; my previous comment merely asserted that I believe non-technical users would have the capacity to understand and correctly execute the process that I described.

If you haven’t already done so, you may want to support the following feature request, which is relevant to the problems you describe:

1 Like

2018…LMAO

But I clicked that little Vote button regardless of the efficacy of such actions :smiley:

Hey, Bitwarden making it take longer, and have more billables loading password lists into spreadsheets and manually deduplicating…I guess I shouldn’t be voting against my pocketbook.

I could probably build the feature in about 15-30 mins of vibe coding…but why would I bother. It’s just a waste of my life since Bitwarden couldn’t accept a PR to save its corporate existence.

This spooked me, because I saw this today, and I think it’s because it’s a reused password, I do have a password I commonly reuse but only on services running on my home LAN. So today I saw that warning on one of these passwords and was very concerned that there was a keylogger on one of my systems or something.

1 Like

Frustrating that this hasn’t been fixed. It’s essential to know what is the reason for the flag. I have a few records that are being flagged as “at risk” and it is only because of 2 addresses from the same site (like mobile and desktop site). There’s a big difference between a leaked password and a duplicate one.

Welcome, @jtex245 to the community!

The best approach for this scenario is to copy the URLs from one vault item into the other and then delete the “donor” vault item, so that you have only one vault item per credential.

Beyond making the annoying message go away, it also ensures that when you change the password, it works on both sites with no need to remember to update both vault entries.

1 Like
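The distinction raised in the two posts above (a credential stored twice for the same site versus a password genuinely reused across different accounts) can be checked mechanically. The sketch below is an added example, not part of the thread and not Bitwarden's code; the item layout (`name`, `login.username`, `login.password`, `login.uris[].uri`) and the "last two host labels" site heuristic are assumptions, and the sample items are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def _login(name, user, pw, uri):
    # Helper for building constructed sample items in the assumed layout.
    return {"name": name, "login": {"username": user, "password": pw,
                                    "uris": [{"uri": uri}]}}

# Constructed sample data; no real credentials.
ITEMS = [
    _login("Shop (desktop)", "ann@example.com", "pw-A", "https://www.shop.example"),
    _login("Shop (mobile)", "ann@example.com", "pw-A", "https://m.shop.example"),
    _login("NAS", "admin", "pw-B", "http://nas.lan"),
    _login("Router", "root", "pw-B", "http://router.lan"),
    _login("Forum", "ann", "pw-C", "https://forum.example"),
]

def site_key(uri):
    # Simplification: last two host labels. A real check would use the
    # Public Suffix List to find the registrable domain.
    host = urlsplit(uri).hostname or uri
    return ".".join(host.split(".")[-2:])

def classify_shared_passwords(items):
    """Group items by password and say why each group would be flagged."""
    groups = defaultdict(list)
    for item in items:
        login = item.get("login") or {}
        if login.get("password"):
            groups[login["password"]].append(item)
    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue  # password is unique in the vault
        users = {m["login"].get("username") for m in members}
        uris = sorted(u["uri"] for m in members
                      for u in (m["login"].get("uris") or []) if u.get("uri"))
        sites = {site_key(u) for u in uris}
        # Same user on the same site: one credential stored twice (merge
        # the URIs into one item). Otherwise the password is truly reused.
        same = len(users) == 1 and len(sites) == 1
        findings.append({
            "kind": "duplicate-credential" if same else "reused-password",
            "items": [m["name"] for m in members],
            "merged_uris": uris,  # URI list for the surviving item
        })
    return findings  # passwords themselves are never included in the output
```

For a `duplicate-credential` finding, `merged_uris` is the URL list the surviving item should carry before the donor item is deleted.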

@jtex245 Welcome to the forum!

There is a feature request exactly about that:

Don’t worry, soon enough, your brain will learn to completely ignore these warning banners… :sweat_smile:

P.S. Welcome to the forum!

3 Likes

I get this with brand new login entries and fully secure generated passwords from Bitwarden. Makes zero sense. Any fix?

@CU3ED Welcome to the forum!

I don’t see this on versions 2026.1.x. – But when you experience this, and can document that those new login entries/passwords are not listed in the three corresponding Vault Health Reports (weak / reused / exposed), then you should report it as a potential bug on GitHub (“New issue”).